libX11/libXt buffer overflows and R6.3 fix-02

James Crawford Ralston (qralston+@PITT.EDU)
Thu, 24 Jul 1997 13:44:35 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Shields: "Re: ICMP ECHO_REQUEST on BROADCAST--HOWTO Filter!"
Previous message: John J. McMahon: "Re: Possible Gauntlet DoS"

Has anyone [else] taken a good, hard look at XC's fix-02 to see if it
fixes the buffer overflows which were found? In particular, I compared
fix-02 against the patch Alex Belits posted to the list on May 29. I
*think* the XC caught all of the buffer overflows in some way or
another, but as far as I can tell, they didn't take care of the "NULL
pointer + small offset dereference which caused most of programs to dump
core on startup if opening display failed" (Alex's words).

At any rate, I'm building R6.3 public-patch-2 now; when I get the build
installed somewhere, I'll see if I can break it.

Alex's message (including the patch) is easily located in the BUGTRAQ
archive at <URL:http://www.netspace.org/lsv-archive/bugtraq.html>, so I
won't include it here.

--
James Crawford Ralston \ qralston+@pitt.edu \ Systems and Networks [CIS]
University of Pittsburgh \ 600 Epsilon Drive \ Pittsburgh PA 15238-2887
"Computer, you and I need to have a little talk."  - O'Brien, ST:DS9

Next message: Michael Shields: "Re: ICMP ECHO_REQUEST on BROADCAST--HOWTO Filter!"
Previous message: John J. McMahon: "Re: Possible Gauntlet DoS"